Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-26539

Опубликовано: 08 фев. 2021
Источник: debian

Описание

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
node-sanitize-htmlnot-affectedpackage

Связанные уязвимости

redhat логотип

CVE-2021-26539

CVSS3: 5.3
redhat
около 5 лет назад

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

nvd логотип

CVE-2021-26539

CVSS3: 5.3
nvd
почти 5 лет назад

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

github логотип

GHSA-rjqq-98f6-6j3r

CVSS3: 5.3
github
почти 5 лет назад

Improper Input Validation in sanitize-html